qwhai / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0
0 stars 0 forks source link

64-bit dumps? #170

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
why cant volatility read 64-bit dumps i would like to understand how volatility 
analyzes memory dumps and why doesn't it support 64-bit dumps  and what kind of 
dump formats does volatility support such as .dmp .img .vmem etc. etc. 

Original issue reported on code.google.com by devd40...@gmail.com on 28 Nov 2011 at 2:27

GoogleCodeExporter commented 9 years ago
We have some support for x64 in a branch of the SVN repository.  Use the 
following link when checking it out:

http://volatility.googlecode.com/svn/branches/win64-support/

As for extensions, all that you have listed are supported.  In addition to raw 
formats, Volatility supports libewf (EnCase) and hiberfil.sys (except windows 7 
at the moment) address spaces.

As for understanding "how" you can check out our documentation, blogs of the 
authors and of course the source code.

http://code.google.com/p/volatility/wiki/FAQ

http://code.google.com/p/volatility/wiki/CommandReference

http://code.google.com/p/volatility/w/list

Original comment by jamie.l...@gmail.com on 28 Nov 2011 at 3:42

GoogleCodeExporter commented 9 years ago
I marked this as invalid/closed, since its not a real issue. For general 
questions, please use the mailing lists 
(http://lists.volatilesystems.com/mailman/listinfo). 

Original comment by michael.hale@gmail.com on 28 Nov 2011 at 3:47